Fixes are available
APAR status
Closed as program error.
Error description
After performing a secured form login it is not possible to get the HTTP session. The error message is, SESN0008E: A user authenticated as anonymous has attempted to access a session owned by user:YourRealm/cn=anotherUser.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All users of IBM WebSphere Application * * Server Liberty Profile with security and * * session security enabled. * **************************************************************** * PROBLEM DESCRIPTION: The HTTP session cannot be obtained * * after a form login is performed over * * HTTPS. * **************************************************************** * RECOMMENDATION: * **************************************************************** The following FFDC is output and is an indicator of this problem. ------Start of DE processing------ = [4/9/12 20:53:00:390 CDT] Exception = com.ibm.websphere.servlet.session.UnauthorizedSessionRequestExce ption Source = com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters probeid = 1105 Stack Dump = com.ibm.websphere.servlet.session.UnauthorizedSessionRequestExce ption: SESN0008E: A user authenticated as anonymous has attempted to access a session owned by user:LdapRegistry/cn=admin,ou=MYORGUNIT,o=MYORG,c=US. ‚   ‚   ‚   at com.ibm.ws.webcontainer.session.impl.HttpSessionContextImpl.chec kSecurity(HttpSessionContextImpl.java:648) ‚   ‚   ‚   at com.ibm.ws.webcontainer.session.impl.HttpSessionContextImpl.isVa lid(HttpSessionContextImpl.java:228) ‚   ‚   ‚   at com.ibm.ws.webcontainer.srt.SRTRequestContext.getSession(SRTRequ estContext.java:95) ‚   ‚   ‚   at com.ibm.ws.webcontainer.srt.SRTServletRequest.getSession(SRTServ letRequest.java:2096)
Problem conclusion
The code was modified to set the LTPA cookie to secure when the requiresSSL attribute is set to true. The fix for this APAR is currently targeted for inclusion in fix pack 8.5.0.1. Please refer to the Recommended Updates page for delivery information: http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Temporary fix
Comments
APAR Information
APAR number
PM67083
Reported component name
LIBERTY PROFILE
Reported component ID
5724J0814
Reported release
850
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2012-06-18
Closed date
2012-09-24
Last modified date
2012-09-24
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
LIBERTY PROFILE
Fixed component ID
5724J0814
Applicable component levels
R850 PSY
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"850","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
29 October 2021